abiword.patch abiword.spec openpkg...

Thomas Lotterer Thu, 29 Apr 2004 08:07:02 -0700

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________


  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   29-Apr-2004 17:07:00
  Branch: HEAD                             Handle: 2004042916065208

  Added files:
    openpkg-src/analog      analog.patch
    openpkg-src/doxygen     doxygen.patch
    openpkg-src/kde-qt      kde-qt.patch
    openpkg-src/perl-tk     perl-tk.patch
    openpkg-src/rrdtool     rrdtool.patch
    openpkg-src/tetex       tetex.patch
    openpkg-src/wx          wx.patch
  Modified files:
    openpkg-src/abiword     abiword.patch abiword.spec
    openpkg-src/analog      analog.spec
    openpkg-src/doxygen     doxygen.spec
    openpkg-src/firefox     firefox.patch firefox.spec
    openpkg-src/ghostscript ghostscript.patch ghostscript.spec
    openpkg-src/kde-qt      kde-qt.spec
    openpkg-src/mozilla     mozilla.patch mozilla.spec
    openpkg-src/pdflib      pdflib.patch pdflib.spec
    openpkg-src/perl-tk     perl-tk.spec
    openpkg-src/qt          qt.patch qt.spec
    openpkg-src/rrdtool     rrdtool.spec
    openpkg-src/tetex       tetex.spec
    openpkg-src/wx          wx.spec

  Log:
    SA-2004.017-png

  Summary:
    Revision    Changes     Path
    1.3         +48 -0      openpkg-src/abiword/abiword.patch
    1.17        +3  -3      openpkg-src/abiword/abiword.spec
    1.1         +22 -0      openpkg-src/analog/analog.patch
    1.39        +3  -1      openpkg-src/analog/analog.spec
    1.1         +47 -0      openpkg-src/doxygen/doxygen.patch
    1.35        +3  -1      openpkg-src/doxygen/doxygen.spec
    1.2         +48 -0      openpkg-src/firefox/firefox.patch
    1.3         +1  -1      openpkg-src/firefox/firefox.spec
    1.6         +48 -0      openpkg-src/ghostscript/ghostscript.patch
    1.55        +1  -1      openpkg-src/ghostscript/ghostscript.spec
    1.1         +47 -0      openpkg-src/kde-qt/kde-qt.patch
    1.10        +3  -1      openpkg-src/kde-qt/kde-qt.spec
    1.8         +48 -0      openpkg-src/mozilla/mozilla.patch
    1.84        +1  -1      openpkg-src/mozilla/mozilla.spec
    1.2         +48 -0      openpkg-src/pdflib/pdflib.patch
    1.27        +1  -1      openpkg-src/pdflib/pdflib.spec
    1.3         +97 -0      openpkg-src/perl-tk/perl-tk.patch
    1.59        +3  -1      openpkg-src/perl-tk/perl-tk.spec
    1.5         +47 -0      openpkg-src/qt/qt.patch
    1.105       +1  -1      openpkg-src/qt/qt.spec
    1.4         +47 -0      openpkg-src/rrdtool/rrdtool.patch
    1.52        +3  -1      openpkg-src/rrdtool/rrdtool.spec
    1.3         +47 -0      openpkg-src/tetex/tetex.patch
    1.54        +3  -1      openpkg-src/tetex/tetex.spec
    1.1         +47 -0      openpkg-src/wx/wx.patch
    1.10        +3  -1      openpkg-src/wx/wx.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/abiword/abiword.patch
  ============================================================================
  $ cvs diff -u -r1.2 -r1.3 abiword.patch
  --- openpkg-src/abiword/abiword.patch 5 Jan 2004 14:18:18 -0000       1.2
  +++ openpkg-src/abiword/abiword.patch 29 Apr 2004 15:06:52 -0000      1.3
  @@ -10,3 +10,51 @@
    (defined(__linux__) && defined(__powerpc__) && (__GLIBC__ <= 2) && 
(__GLIBC_MINOR__ <= 1))
    
    #define ICONV_CONST const
  +
  +--- libpng/pngrtran.c.orig   Wed Oct  2 20:20:24 2002
  ++++ libpng/pngrtran.c        Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- libpng/pngerror.c.orig   2002-10-03 13:32:27.000000000 +0200
  ++++ libpng/pngerror.c        2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(error_message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, error_message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, error_message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/abiword/abiword.spec
  ============================================================================
  $ cvs diff -u -r1.16 -r1.17 abiword.spec
  --- openpkg-src/abiword/abiword.spec  6 Apr 2004 07:47:41 -0000       1.16
  +++ openpkg-src/abiword/abiword.spec  29 Apr 2004 15:06:52 -0000      1.17
  @@ -24,8 +24,8 @@
   ##
   
   #   package version
  -%define       V_opkg 2.1.1
  -%define       V_dist 2.1.1
  +%define       V_opkg 2.1.2
  +%define       V_dist 2.1.2
   
   #   package information
   Name:         abiword
  @@ -38,7 +38,7 @@
   Group:        Editor
   License:      GPL
   Version:      %{V_opkg}
  -Release:      20040406
  +Release:      20040429
   
   #   list of sources
   Source0:      
http://download.sourceforge.net/sourceforge/abiword/abiword-%{V_dist}.tar.gz
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/analog/analog.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1 analog.patch
  --- /dev/null 2004-04-29 17:06:53.000000000 +0200
  +++ analog.patch      2004-04-29 17:06:53.000000000 +0200
  @@ -0,0 +1,22 @@
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- src/libpng/pngerror.c.orig       2002-10-03 13:32:27.000000000 +0200
  ++++ src/libpng/pngerror.c    2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/analog/analog.spec
  ============================================================================
  $ cvs diff -u -r1.38 -r1.39 analog.spec
  --- openpkg-src/analog/analog.spec    7 Feb 2004 17:53:22 -0000       1.38
  +++ openpkg-src/analog/analog.spec    29 Apr 2004 15:06:52 -0000      1.39
  @@ -34,10 +34,11 @@
   Group:        Web
   License:      GPL
   Version:      5.32
  -Release:      20040207
  +Release:      20040429
   
   #   list of sources
   Source0:      http://www.analog.cx/analog-%{version}.tar.gz
  +Patch0:       analog.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -62,6 +63,7 @@
   
   %prep
       %setup -q
  +    %patch
   
   %build
       cd src
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/doxygen/doxygen.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1 doxygen.patch
  --- /dev/null 2004-04-29 17:06:53.000000000 +0200
  +++ doxygen.patch     2004-04-29 17:06:53.000000000 +0200
  @@ -0,0 +1,47 @@
  +--- libpng/pngrtran.c.orig   Wed Oct  2 20:20:24 2002
  ++++ libpng/pngrtran.c        Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- libpng/pngerror.c.orig   2002-10-03 13:32:27.000000000 +0200
  ++++ libpng/pngerror.c        2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/doxygen/doxygen.spec
  ============================================================================
  $ cvs diff -u -r1.34 -r1.35 doxygen.spec
  --- openpkg-src/doxygen/doxygen.spec  12 Feb 2004 19:16:37 -0000      1.34
  +++ openpkg-src/doxygen/doxygen.spec  29 Apr 2004 15:06:53 -0000      1.35
  @@ -34,10 +34,11 @@
   Group:        Text
   License:      GPL
   Version:      1.3.6
  -Release:      20040212
  +Release:      20040429
   
   #   list of sources
   Source0:      ftp://ftp.stack.nl/pub/users/dimitri/doxygen-%{version}.src.tar.gz
  +Patch0:       doxygen.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -59,6 +60,7 @@
   
   %prep
       %setup -q
  +    %patch
   
   %build
       opt=""
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/firefox/firefox.patch
  ============================================================================
  $ cvs diff -u -r1.1 -r1.2 firefox.patch
  --- openpkg-src/firefox/firefox.patch 10 Feb 2004 17:09:42 -0000      1.1
  +++ openpkg-src/firefox/firefox.patch 29 Apr 2004 15:06:54 -0000      1.2
  @@ -29,3 +29,51 @@
        || defined(NETBSD) || defined(OPENBSD) || defined(UNIXWARE) \
        || defined(DGUX) || defined(VMS) || defined(NTO)
    #define _PRSockLen_t size_t
  +
  +--- modules/libimg/png/pngrtran.c.orig       Wed Oct  2 20:20:24 2002
  ++++ modules/libimg/png/pngrtran.c    Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- modules/libimg/png/pngerror.c.orig       2002-10-03 13:32:27.000000000 +0200
  ++++ modules/libimg/png/pngerror.c    2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(error_message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, error_message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, error_message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/firefox/firefox.spec
  ============================================================================
  $ cvs diff -u -r1.2 -r1.3 firefox.spec
  --- openpkg-src/firefox/firefox.spec  17 Feb 2004 08:44:09 -0000      1.2
  +++ openpkg-src/firefox/firefox.spec  29 Apr 2004 15:06:54 -0000      1.3
  @@ -34,7 +34,7 @@
   Group:        Web
   License:      MPL
   Version:      0.8
  -Release:      20040210
  +Release:      20040429
   
   #   package options
   %option       with_optimize   yes
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/ghostscript/ghostscript.patch
  ============================================================================
  $ cvs diff -u -r1.5 -r1.6 ghostscript.patch
  --- openpkg-src/ghostscript/ghostscript.patch 3 Jan 2004 09:08:22 -0000       1.5
  +++ openpkg-src/ghostscript/ghostscript.patch 29 Apr 2004 15:06:54 -0000      1.6
  @@ -48,3 +48,51 @@
    zlibd_ = $(zlibd1_) $(zlibd2_)
    $(ZGEN)zlibd_0.dev : $(ZLIB_MAK) $(ECHOGS_XE) $(ZGEN)zlibc.dev $(zlibd_)
        $(SETMOD) $(ZGEN)zlibd_0 $(zlibd1_)
  +
  +--- ../libpng-1.2.5/pngrtran.c.orig  Wed Oct  2 20:20:24 2002
  ++++ ../libpng-1.2.5/pngrtran.c       Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- ../libpng-1.2.5/pngerror.c.orig  2002-10-03 13:32:27.000000000 +0200
  ++++ ../libpng-1.2.5/pngerror.c       2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(error_message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, error_message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, error_message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/ghostscript/ghostscript.spec
  ============================================================================
  $ cvs diff -u -r1.54 -r1.55 ghostscript.spec
  --- openpkg-src/ghostscript/ghostscript.spec  20 Feb 2004 19:22:16 -0000      1.54
  +++ openpkg-src/ghostscript/ghostscript.spec  29 Apr 2004 15:06:54 -0000      1.55
  @@ -43,7 +43,7 @@
   Group:        Graphics
   License:      Aladdin
   Version:      %{V_real}
  -Release:      20040220
  +Release:      20040429
   
   #   package options
   %option       with_x11     yes
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/kde-qt/kde-qt.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1 kde-qt.patch
  --- /dev/null 2004-04-29 17:06:55.000000000 +0200
  +++ kde-qt.patch      2004-04-29 17:06:55.000000000 +0200
  @@ -0,0 +1,47 @@
  +--- src/3rdparty/libpng/pngrtran.c.orig      Wed Oct  2 20:20:24 2002
  ++++ src/3rdparty/libpng/pngrtran.c   Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- src/3rdparty/libpng/pngerror.c.orig      2002-10-03 13:32:27.000000000 +0200
  ++++ src/3rdparty/libpng/pngerror.c   2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(error_message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, error_message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, error_message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/kde-qt/kde-qt.spec
  ============================================================================
  $ cvs diff -u -r1.9 -r1.10 kde-qt.spec
  --- openpkg-src/kde-qt/kde-qt.spec    6 Apr 2004 13:41:07 -0000       1.9
  +++ openpkg-src/kde-qt/kde-qt.spec    29 Apr 2004 15:06:55 -0000      1.10
  @@ -34,11 +34,12 @@
   Group:        KDE
   License:      GPL
   Version:      3.2.3
  -Release:      20040406
  +Release:      20040429
   
   #   list of sources
   Source0:      ftp://ftp.trolltech.com/pub/qt/source/qt-x11-free-%{version}.tar.bz2
   Source1:      kde-qt.pc
  +Patch0:       kde-qt.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -71,6 +72,7 @@
   
   %prep
       %setup -q -n qt-x11-free-%{version}
  +    %patch
   
       #   avoid dependencies external to OpenPKG instance
       cp -rp mkspecs mkspecs.fresh
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/mozilla/mozilla.patch
  ============================================================================
  $ cvs diff -u -r1.7 -r1.8 mozilla.patch
  --- openpkg-src/mozilla/mozilla.patch 17 Oct 2003 12:36:37 -0000      1.7
  +++ openpkg-src/mozilla/mozilla.patch 29 Apr 2004 15:06:56 -0000      1.8
  @@ -51,3 +51,51 @@
    #endif
            fd = pt_SetMethods(osfd, ftype, PR_FALSE, PR_FALSE);
            if (fd == NULL) close(osfd);
  +
  +--- modules/libimg/png/pngrtran.c.orig       Wed Oct  2 20:20:24 2002
  ++++ modules/libimg/png/pngrtran.c    Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- modules/libimg/png/pngerror.c.orig       2002-10-03 13:32:27.000000000 +0200
  ++++ modules/libimg/png/pngerror.c    2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(error_message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, error_message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, error_message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/mozilla/mozilla.spec
  ============================================================================
  $ cvs diff -u -r1.83 -r1.84 mozilla.spec
  --- openpkg-src/mozilla/mozilla.spec  23 Apr 2004 09:35:02 -0000      1.83
  +++ openpkg-src/mozilla/mozilla.spec  29 Apr 2004 15:06:56 -0000      1.84
  @@ -34,7 +34,7 @@
   Group:        Web
   License:      MPL
   Version:      1.7rc1
  -Release:      20040423
  +Release:      20040429
   
   #   package options
   %option       with_optimize   yes
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/pdflib/pdflib.patch
  ============================================================================
  $ cvs diff -u -r1.1 -r1.2 pdflib.patch
  --- openpkg-src/pdflib/pdflib.patch   12 Feb 2004 08:10:48 -0000      1.1
  +++ openpkg-src/pdflib/pdflib.patch   29 Apr 2004 15:06:56 -0000      1.2
  @@ -10,3 +10,51 @@
        @-if test "$(WITH_SHARED)" = "yes"; then        \
            $(LIBTOOL) -n --finish $(libdir);\
        else\
  +
  +--- libs/png/pngrtran.c.orig Wed Oct  2 20:20:24 2002
  ++++ libs/png/pngrtran.c      Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- libs/png/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200
  ++++ libs/png/pngerror.c      2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(error_message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, error_message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, error_message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/pdflib/pdflib.spec
  ============================================================================
  $ cvs diff -u -r1.26 -r1.27 pdflib.spec
  --- openpkg-src/pdflib/pdflib.spec    12 Feb 2004 08:10:48 -0000      1.26
  +++ openpkg-src/pdflib/pdflib.spec    29 Apr 2004 15:06:56 -0000      1.27
  @@ -38,7 +38,7 @@
   Group:        Graphics
   License:      PDFlib
   Version:      %{V_long}
  -Release:      20040212
  +Release:      20040429
   
   #   list of sources
   Source0:      
http://www.pdflib.com/products/pdflib/download/%{V_comp}src/PDFlib-Lite-%{V_long}-Unix-src.tar.gz
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/perl-tk/perl-tk.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.3 perl-tk.patch
  --- /dev/null 2004-04-29 17:06:57.000000000 +0200
  +++ perl-tk.patch     2004-04-29 17:06:57.000000000 +0200
  @@ -0,0 +1,97 @@
  +--- Tk-804.027/PNG/libpng/pngrtran.c.orig    Wed Oct  2 20:20:24 2002
  ++++ Tk-804.027/PNG/libpng/pngrtran.c Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- Tk-804.027/PNG/libpng/pngerror.c.orig    2002-10-03 13:32:27.000000000 +0200
  ++++ Tk-804.027/PNG/libpng/pngerror.c 2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(error_message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, error_message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, error_message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  +--- Tk-PNG-2.005/libpng/pngrtran.c.orig      Wed Oct  2 20:20:24 2002
  ++++ Tk-PNG-2.005/libpng/pngrtran.c   Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- Tk-PNG-2.005/libpng/pngerror.c.orig      2004-04-29 15:33:33.000000000 +0200
  ++++ Tk-PNG-2.005/libpng/pngerror.c   2004-04-29 15:35:46.000000000 +0200
  +@@ -81,11 +81,15 @@
  + 
  +    if (message == NULL)
  +       buffer[iout] = 0;
  +-   else {
  ++   else
  ++   {
  ++      png_size_t len;
  ++      if ((len = png_strlen(message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/perl-tk/perl-tk.spec
  ============================================================================
  $ cvs diff -u -r1.58 -r1.59 perl-tk.spec
  --- openpkg-src/perl-tk/perl-tk.spec  22 Apr 2004 07:56:26 -0000      1.58
  +++ openpkg-src/perl-tk/perl-tk.spec  29 Apr 2004 15:06:57 -0000      1.59
  @@ -67,7 +67,7 @@
   Group:        Language
   License:      GPL/Artistic
   Version:      %{V_perl}
  -Release:      20040422
  +Release:      20040429
   
   #   list of sources
   Source0:      http://www.cpan.org/modules/by-module/Tk/Tk-%{V_tk}.tar.gz
  @@ -100,6 +100,7 @@
   Source27:     
http://www.cpan.org/modules/by-module/Tk/Tk-TreeGraph-%{V_tk_treegraph}.tar.gz
   Source28:     
http://www.cpan.org/modules/by-module/Tk/Tk-Workspace-%{V_tk_workspace}.tar.gz
   Source29:     
http://www.cpan.org/modules/by-module/Tk/Tk-WorldCanvas-%{V_tk_worldcanvas}.tar.gz
  +Patch0:       perl-tk.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -322,6 +323,7 @@
       %setup -q -T -D -a 27
       %setup -q -T -D -a 28
       %setup -q -T -D -a 29
  +    %patch
   
   %build
   
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/qt/qt.patch
  ============================================================================
  $ cvs diff -u -r1.4 -r1.5 qt.patch
  --- openpkg-src/qt/qt.patch   28 Apr 2004 15:41:03 -0000      1.4
  +++ openpkg-src/qt/qt.patch   29 Apr 2004 15:06:58 -0000      1.5
  @@ -66,3 +66,50 @@
        fi
    fi
    
  +--- src/3rdparty/libpng/pngrtran.c.orig      Wed Oct  2 20:20:24 2002
  ++++ src/3rdparty/libpng/pngrtran.c   Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- src/3rdparty/libpng/pngerror.c.orig      2002-10-03 13:32:27.000000000 +0200
  ++++ src/3rdparty/libpng/pngerror.c   2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(error_message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, error_message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, error_message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/qt/qt.spec
  ============================================================================
  $ cvs diff -u -r1.104 -r1.105 qt.spec
  --- openpkg-src/qt/qt.spec    28 Apr 2004 15:41:03 -0000      1.104
  +++ openpkg-src/qt/qt.spec    29 Apr 2004 15:06:58 -0000      1.105
  @@ -34,7 +34,7 @@
   Group:        XWindow
   License:      GPL
   Version:      3.3.2
  -Release:      20040428
  +Release:      20040429
   
   #   package library options (each 'yes' builds more libraries)
   %option       with_shared   no
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/rrdtool/rrdtool.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.4 rrdtool.patch
  --- /dev/null 2004-04-29 17:06:59.000000000 +0200
  +++ rrdtool.patch     2004-04-29 17:06:59.000000000 +0200
  @@ -0,0 +1,47 @@
  +--- libpng-1.0.9/pngrtran.c.orig     Wed Oct  2 20:20:24 2002
  ++++ libpng-1.0.9/pngrtran.c  Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- libpng-1.0.9/pngerror.c.orig     2002-10-03 13:32:27.000000000 +0200
  ++++ libpng-1.0.9/pngerror.c  2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/rrdtool/rrdtool.spec
  ============================================================================
  $ cvs diff -u -r1.51 -r1.52 rrdtool.spec
  --- openpkg-src/rrdtool/rrdtool.spec  7 Apr 2004 10:15:11 -0000       1.51
  +++ openpkg-src/rrdtool/rrdtool.spec  29 Apr 2004 15:06:58 -0000      1.52
  @@ -34,10 +34,11 @@
   Group:        Database
   License:      LGPL
   Version:      1.0.48
  -Release:      20040407
  +Release:      20040429
   
   #   list of sources
   Source0:      
http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/pub/rrdtool-%{version}.tar.gz
  +Patch0:       rrdtool.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -66,6 +67,7 @@
   
   %prep
       %setup -q
  +    %patch
   
   %build
       #   configure package
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/tetex/tetex.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.3 tetex.patch
  --- /dev/null 2004-04-29 17:06:59.000000000 +0200
  +++ tetex.patch       2004-04-29 17:06:59.000000000 +0200
  @@ -0,0 +1,47 @@
  +--- libs/libpng/pngrtran.c.orig      Wed Oct  2 20:20:24 2002
  ++++ libs/libpng/pngrtran.c   Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- libs/libpng/pngerror.c.orig      2002-10-03 13:32:27.000000000 +0200
  ++++ libs/libpng/pngerror.c   2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(error_message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, error_message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, error_message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/tetex/tetex.spec
  ============================================================================
  $ cvs diff -u -r1.53 -r1.54 tetex.spec
  --- openpkg-src/tetex/tetex.spec      7 Feb 2004 17:59:15 -0000       1.53
  +++ openpkg-src/tetex/tetex.spec      29 Apr 2004 15:06:59 -0000      1.54
  @@ -39,7 +39,7 @@
   Group:        Text
   License:      GPL
   Version:      %{V_src}
  -Release:      20040207
  +Release:      20040429
   
   #   package options
   %option       with_x11  no
  @@ -49,6 +49,7 @@
   Source1:      
ftp://cam.ctan.org/tex-archive/systems/unix/teTeX/%{V_base}/distrib/tetex-texmf-%{V_texmf}.tar.gz
   Source2:      http://www.tei-c.org.uk/Software/passivetex/passivetex.zip
   Source3:      ftp://ftp.tex.ac.uk/tex-archive/macros/xmltex/base.zip
  +Patch0:       tetex.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -89,6 +90,7 @@
   
   %prep
       %setup -q -n tetex-src-%{V_src}
  +    %patch
   
       #   teTeX requires the texmf stuff to be already in place
       #   for building and installing the source parts.
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/wx/wx.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1 wx.patch
  --- /dev/null 2004-04-29 17:07:00.000000000 +0200
  +++ wx.patch  2004-04-29 17:07:00.000000000 +0200
  @@ -0,0 +1,47 @@
  +--- src/png/pngrtran.c.orig  Wed Oct  2 20:20:24 2002
  ++++ src/png/pngrtran.c       Wed Jan 15 11:30:23 2003
  +@@ -1965,8 +1965,8 @@
  +          /* This changes the data from RRGGBB to RRGGBBXX */
  +          if (flags & PNG_FLAG_FILLER_AFTER)
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 1; i < row_width; i++)
  +             {
  +                *(--dp) = hi_filler;
  +@@ -1987,8 +1987,8 @@
  +          /* This changes the data from RRGGBB to XXRRGGBB */
  +          else
  +          {
  +-            png_bytep sp = row + (png_size_t)row_width * 3;
  +-            png_bytep dp = sp  + (png_size_t)row_width;
  ++            png_bytep sp = row + (png_size_t)row_width * 6;
  ++            png_bytep dp = sp  + (png_size_t)row_width * 2;
  +             for (i = 0; i < row_width; i++)
  +             {
  +                *(--dp) = *(--sp);
  +
  +Steve G <[EMAIL PROTECTED]>
  +Libpng accesses memory that is out of bounds when creating an error message
  +
  +Index: pngerror.c
  +--- src/png/pngerror.c.orig  2002-10-03 13:32:27.000000000 +0200
  ++++ src/png/pngerror.c       2004-04-28 13:24:22.000000000 +0200
  +@@ -135,10 +135,13 @@
  +       buffer[iout] = 0;
  +    else
  +    {
  ++      png_size_t len;
  ++      if ((len = png_strlen(error_message)) > 63)
  ++          len = 63;
  +       buffer[iout++] = ':';
  +       buffer[iout++] = ' ';
  +-      png_memcpy(buffer+iout, error_message, 64);
  +-      buffer[iout+63] = 0;
  ++      png_memcpy(buffer+iout, error_message, len);
  ++      buffer[iout+len] = 0;
  +    }
  + }
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/wx/wx.spec
  ============================================================================
  $ cvs diff -u -r1.9 -r1.10 wx.spec
  --- openpkg-src/wx/wx.spec    25 Apr 2004 07:18:53 -0000      1.9
  +++ openpkg-src/wx/wx.spec    29 Apr 2004 15:07:00 -0000      1.10
  @@ -34,10 +34,11 @@
   Group:        XWindow
   License:      LGPL
   Version:      2.4.2
  -Release:      20040425
  +Release:      20040429
   
   #   list of sources
   Source0:      
http://osdn.dl.sourceforge.net/sourceforge/wxwindows/wxGTK-%{version}.tar.bz2
  +Patch0:       wx.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -62,6 +63,7 @@
   
   %prep
       %setup -q -n wxGTK-%{version}
  +    %patch
   
   %build
       #   configure package
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

[CVS] OpenPKG: openpkg-src/abiword/ abiword.patch abiword.spec openpkg...

Reply via email to